Описание
The vulnerability, if exploited, could allow an authenticated miscreant (Process Optimization Standard User) to tamper with queries in Captive Historian and achieve code execution under SQL Server administrative privileges, potentially resulting in complete compromise of the SQL Server.
The vulnerability, if exploited, could allow an authenticated miscreant (Process Optimization Standard User) to tamper with queries in Captive Historian and achieve code execution under SQL Server administrative privileges, potentially resulting in complete compromise of the SQL Server.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2025-61943
- https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-015-01.json
- https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea
- https://www.aveva.com/en/support-and-success/cyber-security-updates
- https://www.cisa.gov/news-events/ics-advisories/icsa-26-015-01
Связанные уязвимости
The vulnerability, if exploited, could allow an authenticated miscreant (Process Optimization Standard User) to tamper with queries in Captive Historian and achieve code execution under SQL Server administrative privileges, potentially resulting in complete compromise of the SQL Server.
Уязвимость программного обеспечения для онлайн-моделирования и оптимизации процессов AVEVA Process Optimization, связанная с непринятием мер по защите структуры запроса SQL, позволяющая нарушителю выполнить произвольный код, повысить свои привилегии и получить полный контроль над системой